Zettaset Offers RBAC, Encryption for Hadoop Big Data Platforms

By Sean Michael Kerner |
Posted 2013-11-20

"Big data" is one of the hottest terms in IT today as organizations look to extract value from large volumes of unstructured content. With all that data available, proper controls and, more importantly, encryption must be in place to prevent abuse.

That's where new technology from Zettaset comes into play; the company is offering role-based access control (RBAC) and encryption for Hadoop big data platforms. Hadoop is an open-source technology that has become one of the default choices for big data.

At the beginning of the year, Zettaset raised $10 million to fund its big data security efforts. Since receiving the new funding, the company has been building out its services and is now adding encryption to the mix, Jim Vogt, CEO of Zettaset, told eWEEK.

Today, the Zettaset Hadoop encryption capability is limited to the Hadoop Distributed File System (HDFS), Vogt explained. There are multiple other file systems that can and are being used today in Hadoop deployments beyond HDFS, including the Red Hat-backed Gluster file system. Over time, the plan from Zettaset is to expand to support more file systems beyond HDFS.

A key concern whenever encryption is deployed is how it will affect system performance and latency.

"We are doing encryption with less than 3 percent performance impact today," Vogt said. "You would think that a solution like this would introduce latency, but it's really a neutral impact to performance."

The other concern that often arises with the use of any type of encrypted data is how access is granted. The way the Zettaset solution works is with fine-grained RBACs. Those controls grant and restrict access based on user roles and IT policies. With any type of encryption, there is also a need to securely store the associated encryption keys. With a Hadoop system, that can be a challenging prospect since the technology is often deployed in a highly distributed manner.

"There is some secret sauce here that we have due to the distributed nature of the problem," Vogt said. "We have filed some patents around this issue as well."

With the new encryption capabilities, Vogt is aiming to help enable more Hadoop deployments.

"This is supposed to be the breakout year for Hadoop, but what we have found is that a lot of large organizations that were testing Hadoop last year, did not deploy it this year," Vogt said.

"The biggest show-stopper is security; they need to understand who is accessing the data, have compliance and be able to encrypt sensitive data."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.